[jboss-user] [Beginners Corner] - Tomcat fails to send WWW-Authenticate header when custom 401
wiwwy
do-not-reply at jboss.com
Mon Mar 16 22:29:07 EDT 2009
I'm running jboss-3.2.7 and need to use a custom 401 error page with my servlets. But by doing so, I don't get a dialog box asking me to authenticate and it immediately errors out and displays the custom 401 page. If I comment out the following from my web.xml,
<error-page>
| <error-code>401</error-code>
| <location>/unauth.jsp</location>
| </error-page>
then I properly get the dialog box prompting me to log in, but the default Tomcat/5.0.30 error page is used. After doing some cURL tests, I noticed that when I use a custom 401 error page, I lose the WWW-Authentication header that is passed via:
resp.setHeader("WWW-Authenticate", "Basic realm=\"" + realmName + "\"");
| resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
Searching the Internet shows that this could be a bug in many versions of Tomcat. Is there a fix or work-around for this bug?
View the original post : http://www.jboss.org/index.html?module=bb&op=viewtopic&p=4218467#4218467
Reply to the post : http://www.jboss.org/index.html?module=bb&op=posting&mode=reply&p=4218467
More information about the jboss-user
mailing list